IT/CYSE 200T

Cybersecurity, Technology, and Society

Students in IT/CYSE 200T will explore how technology is related to cybersecurity from an interdisciplinary orientation.  Attention is given to the way that technologically-driven cybersecurity issues are connected to cultural, political, legal, ethical, and business domains. The learning outcomes for this course are as follows:

  1. Describe how cyber technology creates opportunities for criminal behavior,
  2. Identify how cultural beliefs interact with technology to impact cybersecurity strategies,
  3. Understand and describe how the components, mechanisms, and functions of cyber systems produce security concerns,
  4. Discuss the impact that cyber technology has on individuals’ experiences with crime and victimization,
  5. Understand and describe ethical dilemmas, both intended and unintended, that cybersecurity efforts, produce for individuals, nations, societies, and the environment,
  6. Describe the costs and benefits of producing secure cyber technologies,
  7. Understand and describe the global nature of cybersecurity and the way that cybersecurity efforts have produced and inhibited global changes,
  8. Describe the role of cybersecurity in defining definitions of appropriate an inappropriate behavior,
  9. Describe how cybersecurity produces ideas of progress and modernism.

Write-Up: The Human Factor in Cybersecurity

As a Chief Information Security Officer (CISO) working with a limited budget, I would focus on balancing investments between cybersecurity training and technology by prioritizing risk management, cost-effectiveness, and long-term security resilience. Since human error is a leading cause of breaches, I would allocate almost half, around 40% of the budget to security awareness training. This would include phishing awareness, password hygiene education, and incident response drills to ensure employees recognize and respond effectively to threats (Keepnet Labs, 2024). However, training alone is not enough; cybersecurity technology is essential for detecting and mitigating attacks. Therefore, I would allocate 50% of the budget to key security technologies such as Endpoint Detection and Response (EDR), Multi-Factor Authentication (MFA), and firewalls with Intrusion Detection Systems (IDS/IPS). Implementing a Zero Trust Architecture would further enhance security by minimizing unauthorized access and insider threats (CISA).

The remaining 10% of the budget would be dedicated to incident response planning and regulatory compliance. Having a well-prepared incident response strategy ensures that if a breach occurs, the organization can react quickly and minimize damage. Compliance with frameworks such as NIST, GDPR, and CISA guidelines would help mitigate legal and financial risks. This balanced approach—prioritizing both human and technical defenses—creates a layered security strategy that reduces vulnerabilities while fostering a strong cybersecurity culture within the organization. Cybersecurity is not just about acquiring advanced tools but also about ensuring that employees are well-equipped to recognize and prevent threats.

References

Keepnet Labs. (2024, January 29). What is human behavior in cybersecurity : Keepnet Labs – Keepnet. https://keepnetlabs.com/blog/the-complexity-of-human-behavior-in-cybersecurity

Zero trust maturity model: CISA. Cybersecurity and Infrastructure Security Agency CISA. (2022, January). https://www.cisa.gov/zero-trust-maturity-model

Discussion Board: Ethical Considerations of CRISPR Gene Editing

The intersection of biology and cybersecurity presents significant ethical concerns, particularly regarding the integrity of scientific research and the security of genetic data. The ability to encode malicious code into DNA sequences, as demonstrated by researchers, raises concerns about bioinformatics vulnerabilities and the potential compromise of genomic research. If an attacker were to embed harmful code into synthetic DNA, sequencing that DNA could infect the computer systems analyzing it, undermining the trustworthiness of genomic data. Additionally, the privacy and security of genetic information are at risk, as unauthorized access to genetic databases could lead to misuse, such as discrimination in healthcare or employment. Ensuring robust cybersecurity measures is essential to protect sensitive genetic data from being exploited by cybercriminals.

Another ethical concern involves the dual-use dilemma—while advancements in genetic engineering and sequencing technologies offer immense benefits, they also pose risks if misused for malicious purposes, such as bioterrorism or cyber-attacks on critical systems. To address this, clear ethical guidelines and regulations must be established to balance scientific progress with security concerns. Moreover, informed consent is crucial, as individuals providing genetic samples may not fully understand how their data will be stored, used, or shared. Strong data governance policies should ensure that participants are well-informed about potential risks and privacy protections. Finally, genetic discrimination is a growing concern; if unauthorized parties gain access to genetic information, it could be used to deny individuals employment, insurance, or other opportunities based on their DNA. Addressing these challenges requires an interdisciplinary approach, combining cybersecurity, bioethics, policy-making, and data privacy protections to ensure the ethical and secure use of genetic technologies.

Write Up: Exploring Attacks on Availability

An “attack on availability” in cybersecurity refers to deliberate actions by malicious actors aimed at disrupting access to systems, networks, or data, rendering them inaccessible to legitimate users. These attacks violate the availability component of the CIA triad (Confidentiality, Integrity, Availability), which is fundamental to information security. Common forms include Distributed Denial of Service (DDoS) attacks and ransomware incidents.

A recent example is the Medusa ransomware campaign, which has been active since 2021 and continues to pose a significant threat. Medusa infiltrates systems through phishing emails or by exploiting software vulnerabilities, encrypts critical files, and demands a ransom for their release. Victims are typically given a 48-hour window to respond, with threats of data exposure or further extortion if demands are not met. Notably, Medusa has affected over 300 victims across various sectors, including critical infrastructure such as hospitals and schools. The attackers often re-contact victims with additional extortion demands, exacerbating the disruption and financial impact on organizations (Fenster, 2025).

The broader implications of such attacks are profound. For organizations, they can lead to significant operational downtime, financial losses, reputational damage, and potential legal consequences, especially if sensitive data is compromised. Users may experience service disruptions and potential exposure of personal information. To defend against these threats, organizations are advised to implement robust security measures, including regular system updates, employee training on phishing awareness, deployment of advanced threat detection systems, and comprehensive incident response plans. Maintaining secure backups and employing strong, multifactor authentication protocols are also critical in mitigating the risks associated with ransomware attacks.

 

Fenster, J. (2025, March 18). How to spot Medusa Ransomware as FBI issues outlook … CTInsider. https://www.ctinsider.com/connecticut/article/ct-medusa-ransomware-cyberattack-phishing-outlook-20225822.php

Kato, B. (2025, March 18). Gmail, Outlook users warned of dangerous threat from Medusa Ransomware. New York Post. https://nypost.com/2025/03/18/tech/gmail-outlook-users-warned-of-dangerous-threat-from-medusa-ransomware